G:\QBITTORRENT\build-qbittorrent421-Qt5_msvc2017_x32-Release\src\release\qbittorrent.pdb
Static task: static1
Behavioral task: behavioral1
Sample: qbittorrent.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: qbittorrent.exe
Resource: win10v2004-20231222-en
General
Target: qbittorrent.exe
Size: 18.9MB
MD5: f4e30c83ef7cbf27320a97ee71ea1317
SHA1: a744f2b2fd92cb6fadf89b53cd0113b50792488f
SHA256: 63f248818931ab295ab585759a074b60ca66cbd59644781e056e5f47959ffec2
SHA512: e51f876cc0fa48f2b151e20fce44ea037fdd6e071bee721b1bebb92a8721a347093fa3b540fd3021b55f74ee307cb621228ed96a08ff57d71b299944079da0e1
SSDEEP: 393216:I269ATMlkr0AagEaNwBUgCEjeAplQUNAOfnMbxO7tJsv6tWKFdu9CjF9:xagtwBXCY8UNAO/939
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource qbittorrent.exe
Files
qbittorrent.exe.exe windows:6 windows x86 arch:x86
4e5cab5c810942709f46ba68337ad388
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
iphlpapi
GetAdaptersAddresses
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
CancelIPChangeNotify
NotifyAddrChange
ConvertInterfaceLuidToGuid
powrprof
SetSuspendState
shell32
Shell_NotifyIconW
SHChangeNotify
SHGetPathFromIDListW
ord155
SHOpenFolderAndSelectItems
SHGetFileInfoW
SHGetKnownFolderIDList
SHBrowseForFolderW
SHCreateItemFromParsingName
SHGetMalloc
ShellExecuteW
SHGetStockIconInfo
ord727
CommandLineToArgvW
Shell_NotifyIconGetRect
ord190
SHCreateItemFromIDList
SHGetKnownFolderPath
user32
CallNextHookEx
SetTimer
GetQueueStatus
KillTimer
PostThreadMessageW
DrawIconEx
ChangeWindowMessageFilterEx
RealGetWindowClassW
EnumWindows
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetMessageExtraInfo
GetAsyncKeyState
TrackMouseEvent
GetIconInfo
GetCursor
GetCursorInfo
CreateIconIndirect
UnhookWindowsHookEx
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
DestroyIcon
AllowSetForegroundWindow
ShutdownBlockReasonCreate
ShutdownBlockReasonDestroy
RegisterClassW
SetWindowsHookExW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SystemParametersInfoW
GetSystemMetrics
ReleaseDC
GetDesktopWindow
GetSysColor
GetDC
DestroyWindow
DefWindowProcW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
GetDoubleClickTime
IsWindow
MessageBeep
EndPaint
BeginPaint
IsIconic
GetAncestor
InvalidateRect
SetForegroundWindow
ReleaseCapture
GetParent
EnableMenuItem
UpdateLayeredWindow
SetWindowLongW
FlashWindowEx
SetCursor
SetCapture
SetParent
GetUpdateRect
SetFocus
SetLayeredWindowAttributes
UnregisterTouchWindow
MoveWindow
GetForegroundWindow
AttachThreadInput
SetWindowPlacement
IsChild
ClientToScreen
RegisterTouchWindow
GetCapture
ShowWindow
DestroyCursor
GetWindowPlacement
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
SetWindowRgn
SetWindowPos
IsWindowVisible
GetWindowRect
GetWindow
MonitorFromPoint
PostMessageW
IsTouchWindow
AdjustWindowRectEx
GetSystemMenu
GetWindowThreadProcessId
GetWindowLongW
GetCursorPos
LoadImageW
GetSysColorBrush
GetClientRect
GetKeyboardLayoutList
GetClassInfoW
WindowFromPoint
RegisterClassExW
ChildWindowFromPointEx
UnregisterClassW
GetFocus
ChangeClipboardChain
IsHungAppWindow
SetClipboardViewer
FindWindowA
RegisterWindowMessageW
ShowCaret
DestroyCaret
IsWindowEnabled
GetKeyboardLayout
CreateCaret
SetCaretPos
HideCaret
GetMonitorInfoW
EnumDisplayMonitors
MonitorFromWindow
ToAscii
IsZoomed
TrackPopupMenuEx
ToUnicode
PeekMessageW
SetMenuItemInfoW
GetKeyboardState
GetMenu
MapVirtualKeyW
GetKeyState
LoadIconW
CreateMenu
AppendMenuW
RemoveMenu
InsertMenuW
DrawMenuBar
DestroyMenu
SetMenu
TrackPopupMenu
CreatePopupMenu
ModifyMenuW
GetMenuItemInfoW
RegisterClipboardFormatW
EnumDisplayDevicesW
GetClipboardFormatNameW
SetCursorPos
LoadCursorW
CreateCursor
dbghelp
SymCleanup
SymInitialize
StackWalk64
SymFromAddr
SymSetContext
SymGetModuleInfo64
SymEnumSymbols
SymGetLineFromAddr64
imm32
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetVirtualKey
ImmGetCompositionStringW
ImmAssociateContext
ImmGetOpenStatus
ImmSetCandidateWindow
ImmNotifyIME
ImmAssociateContextEx
oleaut32
SysAllocString
SafeArrayPutElement
SafeArrayCreateVector
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
uxtheme
IsThemeActive
GetCurrentThemeName
IsAppThemed
IsThemeBackgroundPartiallyTransparent
CloseThemeData
ord47
GetThemeBackgroundRegion
GetThemePropertyOrigin
GetThemeTransitionDuration
GetThemeEnumValue
GetThemePartSize
GetThemeColor
OpenThemeData
GetThemeInt
GetThemeMargins
GetThemeBool
SetWindowTheme
dwmapi
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
gdi32
SetTextAlign
GetDIBits
SetTextColor
GetCharABCWidthsW
GetCharABCWidthsI
SetBkMode
ExtTextOutW
CombineRgn
DeleteObject
SelectClipRgn
GetRegionData
DeleteDC
CreateRectRgn
GdiFlush
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
OffsetRgn
GetDeviceCaps
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetObjectW
GetBitmapBits
CreateFontIndirectW
GetFontData
EnumFontFamiliesExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
AddFontResourceExW
RemoveFontResourceExW
GetStockObject
GetTextFaceW
GetOutlineTextMetricsW
GetTextExtentPoint32W
SetGraphicsMode
SetWorldTransform
GetGlyphOutlineW
GetCharABCWidthsFloatW
ole32
CoUninitialize
CoInitializeEx
CoLockObjectExternal
OleIsCurrentClipboard
OleSetClipboard
OleGetClipboard
OleFlushClipboard
CoInitialize
CoCreateInstance
DoDragDrop
ReleaseStgMedium
CoTaskMemFree
CoGetMalloc
OleInitialize
CoCreateGuid
StringFromGUID2
OleUninitialize
RegisterDragDrop
RevokeDragDrop
advapi32
InitiateSystemShutdownW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
GetEffectiveRightsFromAclW
AccessCheck
MapGenericMask
LookupAccountSidW
GetNamedSecurityInfoW
DuplicateToken
BuildTrusteeWithSidW
InitializeSecurityDescriptor
GetTokenInformation
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
CopySid
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextW
CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashW
CryptGetProvParam
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
LookupPrivilegeValueW
RegFlushKey
AdjustTokenPrivileges
OpenProcessToken
GetUserNameW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
AddAccessAllowedAce
FreeSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
SystemFunction036
ws2_32
WSAStringToAddressW
WSAIoctl
socket
WSACreateEvent
WSAGetLastError
ntohs
htonl
WSACleanup
WSASendTo
WSARecvFrom
getpeername
__WSAFDIsSet
WSAHtonl
WSAAccept
WSAConnect
WSANtohl
WSANtohs
accept
getnameinfo
bind
closesocket
WSASend
select
listen
WSASocketW
gethostname
WSAAsyncSelect
getaddrinfo
getsockname
connect
WSARecv
getsockopt
freeaddrinfo
ioctlsocket
setsockopt
htons
WSAAddressToStringW
ntohl
WSAStartup
WSASetLastError
mpr
WNetGetUniversalNameW
netapi32
NetShareEnum
NetApiBufferFree
userenv
GetUserProfileDirectoryW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
InterlockedFlushSList
QueryDepthSList
RtlUnwind
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
HeapSize
ExitThread
GetCommandLineA
SetStdHandle
GetConsoleCP
HeapFree
HeapAlloc
IsValidLocale
GetStringTypeW
GetTickCount
GetExitCodeThread
RaiseException
DecodePointer
EncodePointer
TryEnterCriticalSection
EnumSystemLocalesW
GetProcessHeap
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
WriteConsoleW
GetProcessAffinityMask
VirtualAlloc
VirtualFree
GetGeoInfoW
GetUserGeoID
GetTimeZoneInformation
ReleaseSemaphore
CreateSemaphoreW
GetDiskFreeSpaceExW
GetVolumeNameForVolumeMountPointW
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileExW
VirtualQuery
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FlushFileBuffers
FileTimeToSystemTime
MoveFileExW
MoveFileW
GetCurrentDirectoryW
GetTempPathW
GetLogicalDrives
SetFileTime
GetFileInformationByHandleEx
GetFullPathNameW
GetVolumePathNamesForVolumeNameW
TzSpecificLocalTimeToSystemTime
GetStartupInfoW
EnterCriticalSection
WaitForMultipleObjects
LeaveCriticalSection
WaitForSingleObject
FormatMessageW
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
QueueUserAPC
LocalFree
DeleteCriticalSection
WideCharToMultiByte
TlsFree
FormatMessageA
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
CreateMutexW
ReleaseMutex
ProcessIdToSessionId
Sleep
OpenMutexW
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetFileAttributesW
SetFileAttributesW
GetVolumePathNameW
GetDriveTypeW
GetSystemDirectoryW
SetThreadExecutionState
VerSetConditionMask
VerifyVersionInfoW
PostQueuedCompletionStatus
TlsGetValue
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
SetLastError
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
CreateEventW
SleepEx
CreateIoCompletionPort
GetFileAttributesExW
CreateDirectoryW
RemoveDirectoryW
CreateHardLinkW
CreateFileW
GetFileInformationByHandle
DeleteFileW
CopyFileW
ReadFile
FindFirstFileW
GetFileSizeEx
FindNextFileW
WriteFile
DeviceIoControl
SetEndOfFile
FindClose
LoadLibraryA
GetOverlappedResult
SetFilePointerEx
CreateEventA
GetCurrentThreadId
CreateWaitableTimerA
CancelIo
GetModuleHandleA
GetSystemTimeAsFileTime
RegisterWaitForSingleObject
UnregisterWaitEx
GlobalMemoryStatusEx
GetModuleHandleExW
GetStdHandle
GetEnvironmentVariableW
GetModuleHandleW
GetFileType
DeleteFiber
SwitchToFiber
CreateFiber
QueryPerformanceCounter
FreeLibrary
ConvertFiberToThread
ConvertThreadToFiber
SetConsoleMode
ReadConsoleA
GetConsoleMode
ReadConsoleW
SystemTimeToFileTime
GetSystemTime
lstrcmpW
WTSGetActiveConsoleSessionId
OpenProcess
CheckRemoteDebuggerPresent
GetLocaleInfoW
SetErrorMode
GlobalAlloc
GlobalLock
GlobalUnlock
ExpandEnvironmentStringsW
CreateProcessW
GlobalSize
GetUserDefaultLangID
GetVolumeInformationW
GetLongPathNameW
GetConsoleWindow
ExitProcess
InitializeCriticalSection
DisconnectNamedPipe
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
ResetEvent
GlobalFree
SetHandleInformation
CompareStringEx
OutputDebugStringW
IsProcessorFeaturePresent
TerminateProcess
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
DuplicateHandle
SetFilePointer
WaitForSingleObjectEx
GetExitCodeProcess
GetLocalTime
CreateThread
GetSystemInfo
SwitchToThread
GetThreadPriority
SetThreadPriority
ResumeThread
GetNativeSystemInfo
QueryPerformanceFrequency
GetTickCount64
GetUserDefaultLCID
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetUserPreferredUILanguages
CompareStringW
LCMapStringW
CancelIoEx
ReadFileEx
PeekNamedPipe
WriteFileEx
GetModuleFileNameW
mswsock
AcceptEx
GetAcceptExSockaddrs
bcrypt
BCryptGenRandom
crypt32
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateContext
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
winmm
timeKillEvent
timeSetEvent
Sections
.text Size: 9.9MB - Virtual size: 9.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8.3MB - Virtual size: 8.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 207KB - Virtual size: 296KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 149KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 423KB - Virtual size: 423KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ